[Openid-specs-fapi] Issue #321: Editorial: Language describing acceptable token endpoint authentication mechanisms. (openid/fapi)
Ralph Bragg
issues-reply at bitbucket.org
Wed Sep 30 16:27:44 UTC 2020
New issue 321: Editorial: Language describing acceptable token endpoint authentication mechanisms.
https://bitbucket.org/openid/fapi/issues/321/editorial-language-describing-acceptable
Ralph Bragg:
Given that one describes a specific mechanism support by name shouldn’t for consistency this read
1. tls\_client\_auth or `self_signed_tls_client_auth` as specified in section 2 of MTLS. Also isn’t private\_key\_jwt meant to be in grey?
shall authenticate the confidential client using one of the following methods \(this overrides FAPI part 1 clause 5.2.2.4\):
1. Mutual TLS for OAuth Client Authentication as specified in section 2 of [MTLS](https://tools.ietf.org/html/rfc8705);
2. `private_key_jwt` as specified in section 9 of [OIDC](http://openid.net/specs/openid-connect-core-1_0.html);
More information about the Openid-specs-fapi
mailing list